Adam Nash at Webroot made the following comment:
“With 12 months to go it’s clear that SMBs in particular need to urgently focus their attention on both this issue and their wider cybersecurity posture. Webroot has found that despite 81% of UK SMBs being aware of the regulation, 20% of them have not yet started to prepare for GDPR, showing that SMBs aren’t taking compliance seriously enough.
“The fines and sanctions that can be levied for failure to comply means this needs to be a focus for SMBs. They must also consider the business impact if they are working with larger organisations that expect their suppliers to demonstrate accountability and compliance under GDPR.
“Webroot also found that three quarters (73%) do not believe customer data will be any safer due to GDPR, and 51% thought they weren’t at risk of cyberattack. This underlines the lack of understanding that prevails in SMBs toward cybersecurity, despite huge attacks such as WannaCry making the headlines.
“A number of security measures should be considered by SMBs preparing for the legislation. Firstly, they should ensure that they are minimising the risk of falling victim to cyberattack by using the most up to date security measures. Businesses can further help themselves by creating an information security policy that includes data protection measures, and by making sure that any personal data is encrypted. Lastly, appropriate measures should be in place to alert security teams of any problems, so they can act quickly to remediate them.”
Gé Drossaert, Group Chief Commercial Officer (CCO) and Member of the Board at Fidor said:
“For consumers, the EU General Data Protection Regulation (GDPR) affords them a number of additional protections regarding their data and really gives them a say in how this data is managed and used. Meanwhile, for financial institutions, with GDPR they face a regulatory landscape which is more complex and which ultimately increases their costs as they try to get ready before May 2018. However, crucially, GDPR also creates a significant opportunity for banks to become more transparent in their business practices, which can only enhance the trust levels with their customers.”
“From Fidor’s perspective, we’re in quite a good position as we can work with Fidor Bank to make sure that we are fully compliant. The importance of compliance can’t be overstated, this is because data security and protection are part of our value promise to our banking and software clients.”
Ross Brewer, vice president and managing director at LogRhythm:
“As the saying goes ‘knowledge is power’ and this couldn’t be more accurate than when discussing EU GDPR. With just one year to go until the regulations are enforced, it’s crunch time for businesses. The unfortunate truth is that every business will fall victim to a compromise at some point – that’s if they haven’t already. Companies are no longer judged when this happens; instead they are judged on what they know about the breach and how fast they respond.
“This will be exacerbated even more with the introduction of the short notification window. With only 72 hours to notify authorities and, in some cases those affected, companies will be under greater amounts of pressure to have full insight into the scope and scale of an attack as soon as it’s been identified. Time will be of the essence and it will be essential for organisations to have an accurate idea of the ‘who’, ‘what’, ‘how’ and ‘how big’ within those three days. Running the risk of under or over-disclosure could not only see companies feel the wrath of regulators, it could also lead to undue embarrassment – after all, who can forget the biggest case of over-disclosure following a recent global breach? Under GDPR, this could become a very real problem as IT teams have an even shorter amount of time to understand the magnitude of what they are dealing with.
“As a result of EU GDPR, we will see monitoring, detection and response become a much more fundamental component of a company’s cyber security strategy. Indeed, businesses will require a more coordinated and efficient approach to threat detection that goes far beyond simply deploying firewalls or anti-virus. Having an end-to-end threat lifecycle management process that gives businesses the insight and full facts of a compromise from the offset will be vital, and businesses need to make sure they are adapting their strategies now so that they are fully prepared this time next year.”